[c-nsp] Will the Cisco 2911 push GigE with NAT enabled ?
Dave
dcostell-cisconsp at torzo.com
Mon Apr 30 11:44:21 EDT 2012
On 04/30/2012 08:41 AM, Nick Hilliard wrote:
> On 30/04/2012 16:30, Mackinnon, Ian wrote:
>> It says a 2911 will top out at about 180M with no features.
>
> that's the figure for 64 byte packets. For imix the feature-free result
> will be quite a chunk higher. But then every feature you add (NAT, policy
> routing, full dfz, etc) will cause the performance to drop off significantly.
>
> Dave, can you post your interface configuration?
>
> Nick
Yup, tho I think this is most likely the wrong device for the job. I'd
love to get feedback on what I could do better.
interface GigabitEthernet0/0
ip address xxx.xxx.xxx 255.255.255.252
ip access-group OFFICE_LAN in
no ip unreachables
no ip proxy-arp
ip flow egress
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
no ip unreachables
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
no ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1.1
description Old Office Network
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.128.0.0
ip flow ingress
ip nat inside
no ip virtual-reassembly in
ipv6 enable
ipv6 nd ra suppress
ipv6 ospf 15082 area 0
no cdp enable
!
the OFFICE_LAN acl is a 3 line rule to block ssh from all but one
specific external IP.
Dave
More information about the cisco-nsp
mailing list